For some reason, @Eva Seydl marked this as the best answer? This is no answer so for it to be marked best answer is no good. What would VMWare have to do with this at all? It obviously either a certificate issue or a permission issue with Microsoft and there is no documentation or guidance to move on.

While I appreciate Pieter's effort, pushing this off as a VMWare issue is really just passing the buck. I'm not looking for buck passing, but help or answers. Problem has not been resolved or answered.

@McGentrix it's pretty difficult to troubleshoot this over forum posts especially when additional 3rd party components (VMware/Barracuda appliances) are included for which we don't own the code nor experience. Would it be possible to test without any of that involved using a basic infrastructure before adding proxies?

Side note: WVD doesn't use 3389 but 443 only. The VM creates an outbound 443/TCP connection into our management plane and ties the connection coming from the client. 

Thanks,

Pieter

@McGentrix : Please contact as suggested VMWare to confirm this is not a bug within the management plane.

Thank you!

@PieterWigleven The issue is repeatable inside the DMZ going to local address which rules out the load balancers and any connectivity issues.

@McGentrix If this is not using VMware you can could use PowerShell to see diagnose issues: https://docs.microsoft.com/en-us/azure/virtual-desktop/diagnostics-role-service 
We see this error a lot when there's a UPN mismatch between AAD and AD. 

If it is VMware, we are unable to help you. Apart from the OS, the code used here is not in our control.

@PieterWigleven I am questioning now if you even read the problem I am having. Go back, read the OP and tell me how the help you are providing is helping. 

@McGentrix your opening statement is "University setting, VMWare & Microsoft" so, are you using VMWare? You have also posted this question in the Windows Virtual Desktop community: are you using WVD? Is it VMWare integration with WVD; or neither?

To effectively troubleshoot your connectivity issue the best approach is to first remove all of the non-Microsoft components from the network path then re-test. Your description also suggests that you don't have an RD Gateway. Do you have all of the components required for a fully functioning RDS environment https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/desktop-hosting-logic...

@Danny Newport  "You have also posted this question in the Windows Virtual Desktop community:" Well that explains it... When I started this, I was in https://techcommunity.microsoft.com/t5/windows-server-for-it-pro/bd-p/WindowsServer

We don't even use WVD so this should not be in this community.